Top Quality of 350-018 test preparation materials and item pool for Cisco certification for IT engineers, Real Success Guaranteed with Updated 350-018 pdf dumps vce Materials. 100% PASS CCIE Pre-Qualification Test for Security exam Today!
2016 Jun 350-018 Study Guide Questions:
Q221. Which two pieces of information are communicated by the ASA failover link? (Choose two.)
A. unit state
B. connections State
C. routing tables
D. power status
E. MAC address exchange
Q222. Which two VLSM subnets, when taken as a pair, overlap? (Choose two.)
Q223. Which statement is true regarding Cisco ASA operations using software versions 8.3 and later?
A. The global access list is matched first before the interface access lists.
B. Both the interface and global access lists can be applied in the input or output direction.
C. When creating an access list entry using the Cisco ASDM Add Access Rule window, choosing "global" as the interface will apply the access list entry globally.
D. NAT control is enabled by default.
E. The static CLI command is used to configure static NAT translation rules.
Leading examcollection 350-018:
Q224. Before BGP update messages may be sent, a neighbor must stabilize into which neighbor state?
Q225. A device is sending a PDU of 5000 B on a link with an MTU of 1500 B. If the PDU includes 20 B of IP header, which statement is true?
A. The first three packets will have a packet payload size of 1400.
B. The last packet will have a payload size of 560.
C. The first three packets will have a packet payload size of 1480.
D. The last packet will have a payload size of 20.
Q226. Which standard prescribes a risk assessment to identify whether each control is required to decrease risks and if so, to which extent it should be applied?
A. ISO 27001
B. ISO 27002
C. ISO 17799
E. ISO 9000
Real 350-018 test questions:
Q227. To prevent a potential attack on a Cisco IOS router with the echo service enabled, what action should you take?
A. Disable the service with the no ip echo command.
B. Disable the service with the no echo command.
C. Disable tcp-small-servers.
D. Disable this service with a global access-list.
Q228. What will the receiving router do when it receives a packet that is too large to forward, and the DF bit is not set in the IP header?
A. Drop the packet, and send the source an ICMP packet, indicating that the packet was too big to transmit.
B. Fragment the packet into segments, with all segments having the MF bit set.
C. Fragment the packet into segments, with all except the last segment having the MF bit set.
D. Fragment the packet into segments, with all except the first segment having the MF bit set.
Q229. EAP-MD5 provides one-way client authentication. The server sends the client a random challenge. The client proves its identity by hashing the challenge and its password with MD5. What is the problem with EAP-MD5?
A. EAP-MD5 is vulnerable to dictionary attack over an open medium and to spoofing because there is no server authentication.
B. EAP-MD5 communication must happen over an encrypted medium, which makes it operationally expensive.
C. EAP-MD5 is CPU-intensive on the devices.
D. EAP-MD5 not used by RADIUS protocol.
Q230. Refer to the exhibit.
On R1, encrypt counters are incrementing. On R2, packets are decrypted, but the encrypt counter is not being incremented. What is the most likely cause of this issue?
A. a routing problem on R1
B. a routing problem on R2
C. incomplete IPsec SA establishment
D. crypto engine failure on R2
E. IPsec rekeying is occurring